| Date: | 26 Oct 2004 17:00:36 -0000 |
From: | "Peter Laborge" <plaborge@securityfocus.com>
| To: | linux-secnews@securityfocus.com |
Subject: | SecurityFocus Linux Newsletter #207 |
SecurityFocus Linux Newsletter #207
------------------------------------
This Issue is Sponsored By: SecurityFocus
Stay up to date. All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and
feature
articles! Sign up today!
http://www.securityfocus.com/htmlnewsletter/subscribe
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Issues Discovering Compromised Machines
2. The Latest Tool in Competition: Hacking
3. Security, 1994-2004: Then And Now
II. LINUX VULNERABILITY SUMMARY
1. H+BEDV AntiVir MS-DOS Name Scan Evasion Vulnerability
2. cPanel Remote Backup Information Disclosure Vulnerability
3. cPanel Front Page Extension Installation File Ownership Vuln...
4. cPanel Front Page Extension Installation Information Disclos...
5. BMON Local Privilege Escalation Vulnerability
6. MPG123 Remote URL Open Buffer Overflow Vulnerability
7. Mozilla Browser Cross-Domain Tab Window Form Field Focus Vul...
8. Opera Web Browser Cross-Domain Dialog Box Spoofing Vulnerabi...
9. LibPNG Graphics Library Image Height Integer Overflow Vulner...
10. Gaim MSN SLP Remote Buffer Overflow Vulnerability
11. Gaim MSN Remote File Transfer Denial Of Service
Vulnerabilit...
12. Gaim MSN Remote SLP Denial Of Service Vulnerability
13. Ecartis Remote Undisclosed Privilege Escalation
Vulnerabilit...
14. Linux Kernel IPTables Logging Rules Integer Underflow
Vulner...
15. SuSE Linux IBM S/390 Kernel Local Privilege Escalation
Vulne...
16. Zinf/Freeamp Unspecified Insecure Temporary File Creation
Vu...
17. Linux Kernel TIOCSETD Terminal Subsystem Race Condition
Vuln...
18. Linux Kernel Terminal Locking Race Condition Vulnerability
19. Altiris Deployment Server Remote Command Execution
Vulnerabi...
20. Xpdf PDFTOPS Multiple Integer Overflow Vulnerabilities
21. LibTIFF OJPEG Heap Buffer Overflow Vulnerability
22. HP ServiceGuard Undisclosed Remote Vulnerability
III. LINUX FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-10-19 to 2004-10-26.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. PIKT - Problem Informant/Killer Tool v1.17.0
2. ID-Synch 3.1
3. Nmap v3.70
4. THC-Hydra v4.3
5. Pads 1.1
6. cenfw 0.3b
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Issues Discovering Compromised Machines
By Anton Chuvakin
This article discusses the discovery of compromised machines in large
enterprise environments, and offers some suggestions on correlating
NIDS
and HIPS logs to avoid false positives.
http://www.securityfocus.com/infocus/1808
2. The Latest Tool in Competition: Hacking
By Mark Rasch
A new federal case illustrates the role computer intrusion is taking in
the
high-stakes world of niche Internet commerce.
http://www.securityfocus.com/columnists/273
3. Security, 1994-2004: Then And Now
By Daniel Hanson
Comparing the state of security in 1994 versus 2004, has anything
really
changed over the course of ten years?
http://www.securityfocus.com/columnists/272
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. H+BEDV AntiVir MS-DOS Name Scan Evasion Vulnerability
BugTraq ID: 11444
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11444
Summary:
AntiVir is affected by a scan evasion vulnerability when handling files
with MS-DOS reserved device names. This issue is due to a design error
that allows the files to avoid being scanned.
Apparently it is possible for an attacker to name a standard file after
a reserved MS-DOS device name. The attacker may deliver the file to a
user through various delivery mechanisms. If successful, the attacker
may leverage this issue to bypass the scanner protection provided by the
vulnerable antivirus scanner, giving users a false sense of security.
A similar vulnerability affecting Symantec Norton AntiVirus was
reported in BID 11328 (Symantec Norton AntiVirus MS-DOS Name Scan Evasion
Vulnerability). The researcher responsible for discovering this issue has
stated that this vulnerability is identical to the issue described in
BID 11328. Therefore, it is conjectured that this issue does not
present a risk factor when a file is sent through email and only arises once
the file is already present on a vulnerable computer.
This BID will be updated as more information becomes available.
2. cPanel Remote Backup Information Disclosure Vulnerability
BugTraq ID: 11449
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11449
Summary:
It is reported that cPanel is susceptible to an information disclosure
vulnerability in its remote backup function.
Attackers can reportedly exploit this vulnerability to retrieve the
contents of potentially sensitive files located in the same slice as their
home directory. This may aid them in further attacks.
Version 9.4.1-RELEASE-64 of cPanel was reported vulnerable. Other
versions may also be affected.
3. cPanel Front Page Extension Installation File Ownership Vuln...
BugTraq ID: 11455
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11455
Summary:
It is reported that cPanel is susceptible to a file ownership
vulnerability in its function to enable Front Page extensions.
This vulnerability allows malicious users to gain full access to
potentially sensitive files. Depending on the layout of the hard drive
slices, it may be possible for attackers to exploit this vulnerability to
gain elevated privileges.
Version 9.4.1-RELEASE-64 of cPanel was reported vulnerable. Other
versions may also be affected.
4. cPanel Front Page Extension Installation Information Disclos...
BugTraq ID: 11456
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11456
Summary:
It is reported that cPanel is susceptible to an information disclosure
vulnerability in its function to enable Front Page extensions.
This vulnerability reportedly allows attackers to gain access to the
contents of arbitrary, potentially sensitive files. This may aid them in
further attacks.
Version 9.9.1-RELEASE-3 of cPanel was reported vulnerable. Other
versions may also be affected.
5. BMON Local Privilege Escalation Vulnerability
BugTraq ID: 11457
Remote: No
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11457
Summary:
It is reported that bmon is susceptible to a privilege escalation
vulnerability if installed with setuid permissions.
This vulnerability allows local attackers to execute arbitrary code
with the privileges of the bmon package. It is reported that the FreeBSD
port system installs bmon with setuid superuser privileges, allowing
local attackers to execute arbitrary code with superuser privileges.
This vulnerability is reported to exist in bmon version 1.2.1 on any
platform that installs it with setuid privileges. Other versions may also
be affected.
For FreeBSD, versions prior to 1.2.1_2 are reported susceptible. Other
platforms that install bmon with setuid privileges are unknown at this
time.
6. MPG123 Remote URL Open Buffer Overflow Vulnerability
BugTraq ID: 11468
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11468
Summary:
Reportedly mpg123 is affected by a remote buffer overflow
vulnerability. This issue is due to insufficient bounds checking when copying
user-supplied strings into finite process buffers.
An attacker may leverage this issue to execute arbitrary machine code
on an affected computer with the privileges of an unsuspecting user that
activated the vulnerable application.
7. Mozilla Browser Cross-Domain Tab Window Form Field Focus Vul...
BugTraq ID: 11474
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11474
Summary:
A cross-domain tab window form field focus vulnerability reportedly
affects Mozilla browser and all browsers derived from it. This issue is
due to an access validation error that allows a web page to gain access
to form fields in other web pages rendered in different tabs of the
same browser window.
This issue may be leveraged to facilitate convincing phishing style
attacks designed to reveal sensitive information such as passwords and
financial details.
8. Opera Web Browser Cross-Domain Dialog Box Spoofing Vulnerabi...
BugTraq ID: 11475
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11475
Summary:
Opera is reported prone to a cross-domain dialog box spoofing
vulnerability. This issue may allow a remote attacker to carry out phishing
style attacks as an attacker may exploit this vulnerability to spoof an
interface of a trusted web site.
Opera version 7.54 is reported susceptible to this issue, but other
versions may also be affected.
9. LibPNG Graphics Library Image Height Integer Overflow Vulner...
BugTraq ID: 11481
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11481
Summary:
LibPNG is the official Portable Network Graphics (PNG) reference
library.
LibPNG is reported susceptible to an image height integer overflow
vulnerability.
A specially crafted PNG image could reportedly overflow an integer
value, and possibly result in overwriting of critical memory regions
allowing for the alteration of proper program execution. This vulnerability
may be exploited to execute attacker-supplied code in the context of an
application that utilized the affected library.
10. Gaim MSN SLP Remote Buffer Overflow Vulnerability
BugTraq ID: 11482
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11482
Summary:
Gaim is reportedly affected by a remote buffer overflow vulnerability
in its MSN SLP message functionality of gaim. This issue is due to a
failure of the application to verify buffer bounds when copying
user-supplied input.
An attacker can leverage this issue to execute arbitrary code on an
affected computer with the privileges of the user that executed the
vulnerable application.
11. Gaim MSN Remote File Transfer Denial Of Service Vulnerabilit...
BugTraq ID: 11483
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11483
Summary:
Gaim is affected by a remote MSN file transfer denial of service
vulnerability. This issue is due to a failure of the application to properly
handle exceptional conditions.
An attacker may leverage this issue to cause an affected client to
crash, denying service to legitimate users.
12. Gaim MSN Remote SLP Denial Of Service Vulnerability
BugTraq ID: 11484
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11484
Summary:
Gaim is affected by a remote MSN SLP denial of service vulnerability.
This issue is due to a failure of the application to properly handle
exceptional conditions.
An attacker may leverage this issue to cause an affected client to
crash, denying service to legitimate users.
13. Ecartis Remote Undisclosed Privilege Escalation Vulnerabilit...
BugTraq ID: 11487
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11487
Summary:
Ecartis is reported prone to a remote undisclosed privilege escalation
vulnerability. A remote attacker may exploit this issue to gain
administrative access to the ecartis list.
14. Linux Kernel IPTables Logging Rules Integer Underflow Vulner...
BugTraq ID: 11488
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11488
Summary:
It is reported that an integer underflow vulnerability is present in
the iptables logging rules of the Linux kernel 2.6 branch.
A remote attacker may exploit this vulnerability to crash a computer
that is running the affected kernel.
The 2.6 Linux kernel is reported prone to this vulnerability, the 2.4
kernel is not reported to be vulnerable.
15. SuSE Linux IBM S/390 Kernel Local Privilege Escalation Vulne...
BugTraq ID: 11489
Remote: No
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11489
Summary:
SuSE Linux is reported prone to a local privilege escalation
vulnerability. It is reported that this vulnerability only affects SuSE Linux
Enterprise Server 9 when it is installed on the IBM S/390 platform.
A local attacker may exploit this vulnerability to escalate privileges.
16. Zinf/Freeamp Unspecified Insecure Temporary File Creation Vu...
BugTraq ID: 11490
Remote: No
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11490
Summary:
Zinf/Freeamp are affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error that
causes the application to fail to verify the existence of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.
17. Linux Kernel TIOCSETD Terminal Subsystem Race Condition Vuln...
BugTraq ID: 11491
Remote: No
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11491
Summary:
The Linux Kernel is prone to a local vulnerability in the terminal
subsystem. Reportedly, this issue can be triggered by issuing a TIOCSETD
ioctl to a terminal interface at the moment a read or write operation is
being performed by another thread. This could result in a denial of
service or allow kernel memory to be read.
18. Linux Kernel Terminal Locking Race Condition Vulnerability
BugTraq ID: 11492
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11492
Summary:
A race condition vulnerability exists in the Linux Kernel terminal
subsystem. This issue is related to terminal locking and is exposed when a
remote user connects to the computer through a PPP dialup port.
Reportedly, when the remote user issues the switch from console to PPP,
there is a small window of opportunity to send data that will trigger
the vulnerability. The report indicates that this may cause a denial of
service. It is unknown if there are other impacts for this
vulnerability.
19. Altiris Deployment Server Remote Command Execution Vulnerabi...
BugTraq ID: 11498
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11498
Summary:
Altiris Deployment Server is reported vulnerable to a remote command
execution vulnerability in the client portion of the software. This is
due to a failure of the application to properly authenticate that
commands originate from an authorized server.
This vulnerability allows attackers with local access to a network to
impersonate a valid deployment server and issue arbitrary commands to
the client computers.
20. Xpdf PDFTOPS Multiple Integer Overflow Vulnerabilities
BugTraq ID: 11501
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11501
Summary:
It is reported that pdftops is susceptible to multiple integer overflow
vulnerabilities. This issue is due to a failure of the application to
properly ensure that user-supplied input does not result in the
overflowing of integer values. This may result in data being copied past the
end of a memory buffer.
These overflows cause smaller than expected memory regions to be
allocated by the application. Subsequent operations are likely to overwrite
memory regions past the end of the allocated buffer, allowing attackers
to overwrite critical memory control structures. This may allow
attackers to control the flow of execution, and potentially execute
attacker-supplied code in the context of the affected application.
Applications using embedded xpdf code may be vulnerable to these issues
as well.
21. LibTIFF OJPEG Heap Buffer Overflow Vulnerability
BugTraq ID: 11506
Remote: Yes
Date Published: Oct 22 2004
Relevant URL: http://www.securityfocus.com/bid/11506
Summary:
LibTIFF is affected by a heap buffer overflow vulnerability. This issue
is due to a failure of the application to properly perform boundary
checks prior to copying user-supplied strings into finite process buffers.
An attacker may leverage this issue to execute arbitrary code on a
vulnerable computer with the privileges of the user running the vulnerable
application, facilitating unauthorized access. This issue may also be
leveraged to cause an affected application to crash.
22. HP ServiceGuard Undisclosed Remote Vulnerability
BugTraq ID: 11507
Remote: Yes
Date Published: Oct 22 2004
Relevant URL: http://www.securityfocus.com/bid/11507
Summary:
HP ServiceGuard is reported prone to an undisclosed remote
vulnerability.
The exact details of this vulnerability are unclear, but it is reported
that an attacker may exploit this vulnerability to gain elevated
privileges.
This BID will be updated as soon as further information regarding this
vulnerability is made available.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-10-19 to 2004-10-26.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault, an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software?s award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in it?s own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that want a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and
configure computer systems, organize system security, format documents,
assist command-line work, and perform other common systems administration
tasks.
PIKT's primary purpose is to report and fix problems, but its
flexibility and extendibility evoke many other uses limited only by your
imagination.
2. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux,
MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris,
SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost
of user administration, helps new and reassigned users get to work more
quickly, and ensures prompt and reliable access termination. This is
accomplished through automatic propagation of changes to user profiles
from systems of record to managed systems, with self service workflow for
security change requests, through consolidated and delegated user
administration, and with federation.
3. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD,
Solaris, SunOS, UNIX
Summary:
Nmap is a utility for port scanning large networks, although it works
fine for single hosts. Sometimes you need speed, other times you may
need stealth. In some cases, bypassing firewalls may be required. Not to
mention the fact that you may want to scan different protocols (UDP,
TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN
(half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp
proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
4. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris,
UNIX
Summary:
THC-Hydra - parallized login hacker is available: for Samba, FTP, POP3,
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS,
Cisco and more. Includes SSL support and is part of Nessus. Visit the
project web site to download Win32, Palm and ARM binaries. Changes:
important bugfix!
5. Pads 1.1
By: Matt Shelton
Relevant URL:
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection
engine used to passively detect network assets. It is designed to
complement IDS technology by providing context to IDS alerts.
6. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database
driven, windows interface to linux IPtables firewall rules.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe@securityfocus.com from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Stay up to date. All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and
feature
articles! Sign up today!
http://www.securityfocus.com/htmlnewsletter/subscribe
------------------------------------------------------------------------